//package com.itmuch;
//import org.springframework.boot.SpringApplication;
//import org.springframework.context.annotation.Configuration;
//import org.springframework.http.HttpMethod;
//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
//import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
//import org.springframework.security.web.csrf.CsrfFilter;
//import org.springframework.security.web.csrf.CsrfToken;
//import org.springframework.security.web.csrf.CsrfTokenRepository;
//import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
//import org.springframework.security.web.header.HeaderWriterFilter;
//import org.springframework.web.filter.OncePerRequestFilter;
//import org.springframework.web.filter.RequestContextFilter;
//import org.springframework.web.util.WebUtils;
//
//import javax.servlet.Filter;
//import javax.servlet.FilterChain;
//import javax.servlet.ServletException;
//import javax.servlet.http.Cookie;
//import javax.servlet.http.HttpServletRequest;
//import javax.servlet.http.HttpServletResponse;
//import java.io.IOException;
//
///**
// * 有两种方案来做token
// * 方案A ------------------------------------------------------
// *
// * 1在zuul那边加上@EnableOAuth2Sso，这个类会跳向认证中心(认证中心有统一的登录页面，所有的项目不需要自己写)拿到token
// * 资源服务器上在加上@EnableResourceServer
// *
// * 方案B-------------------------------------------------
// * 自己做登录页面，zuul不加入@EnableOAuth2Sso,通过密码模式，clientid,secrect,加上登录的账号，密码换区token;
// * 2 然后访问资源服务器带上这个access_token;
// * 3 资源服务器上设置@EnableResourceServer
// *
// */
////@SpringBootApplication
////@EnableZuulProxy
////@EnableOAuth2Sso //需要看下spring-cloud sso怎么做的
//public class OAuthZuulApplication {
//    public static void main(String[] args) {
//        SpringApplication.run(OAuthZuulApplication.class, args);
//    }
//
//    @Configuration
//    protected static class SecurityConfiguration extends WebSecurityConfigurerAdapter {
//        @Override
//        public void configure(HttpSecurity http) throws Exception {
//            http.logout().and().antMatcher("/**").authorizeRequests()
//                    .antMatchers("/index.html", "/home.html", "/", "/login", "/beans", "/mbaas-core/**").permitAll()
//                    .antMatchers(HttpMethod.GET, "/test/**").permitAll()
//                    .anyRequest().authenticated().and().csrf()
//                    .csrfTokenRepository(csrfTokenRepository()).and()
//                    .addFilterBefore(new RequestContextFilter(), HeaderWriterFilter.class)
//                    .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
//        }
//
//        private Filter csrfHeaderFilter() {
//            return new OncePerRequestFilter() {
//                @Override
//                protected void doFilterInternal(HttpServletRequest request,
//                                                HttpServletResponse response, FilterChain filterChain)
//                        throws ServletException, IOException {
//                    CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
//                    if (csrf != null) {
//                        Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN");
//                        String token = csrf.getToken();
//                        if (cookie == null || token != null && !token.equals(cookie.getValue())) {
//                            cookie = new Cookie("XSRF-TOKEN", token);
//                            cookie.setPath("/");
//                            response.addCookie(cookie);
//                        }
//                    }
//                    filterChain.doFilter(request, response);
//                }
//            };
//        }
//
//        private CsrfTokenRepository csrfTokenRepository() {
//            HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
//            repository.setHeaderName("X-XSRF-TOKEN");
//            return repository;
//        }
//
//    }
//}